Unrated severity · NVD Advisory · Published Dec 31, 2004 · Updated Apr 16, 2026

CVE-2004-2694

Description

Outlook Express 6.0 allows remote attackers to bypass access restrictions via a BASE HREF with target=_top, enabling phishing attacks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Microsoft Outlook Express 6.0 contains a vulnerability in the way it processes HTML email messages. By using a BASE tag with an href attribute pointing to an arbitrary URL and target set to _top, an attacker can cause the email client to load remote content directly within the mail message window [1]. This behavior bypasses the intended restriction that links should open in an external browser. The affected versions include Outlook Express 6.0 and possibly earlier versions.

Exploitation

An attacker sends a specially crafted HTML email to a victim. The email contains a BASE element with an href attribute pointing to an arbitrary URL and target set to _top. When the recipient views the email in Outlook Express, the base URL loads content from the attacker's server into the same window [1]. The user does not need to click any link; viewing the message triggers the exploit. The attacker can further spoof displayed URLs by using an anchor tag with a misleading href attribute, such as `http://www.malware.com`, making the fake URL appear in the status bar.

Impact

Successful exploitation allows the attacker to load arbitrary remote or local content within the Outlook Express security context. Since the content is rendered inside the email client, there is no browser address bar, making phishing attacks highly effective. The attacker can mimic legitimate websites, steal credentials, or deliver malware. The impact is primarily on confidentiality and integrity, as the user may be tricked into disclosing sensitive information. The attacker does not gain code execution but can achieve social engineering objectives.

Mitigation

Microsoft has not released a security update for this vulnerability as of the publication date (2004). Users are advised to upgrade to a supported version of Outlook Express or use an alternative email client that does not interpret BASE tags in HTML emails. Additionally, configuring Outlook Express to read emails in plain text format can mitigate the risk. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
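One way a mail filter could flag the BASE HREF with target=_top pattern this entry describes, shown as an added example that is not code from the advisory or from Microsoft. The names `BaseTagFinder`, `scan_message` and `build_sample` are hypothetical, and the sample messages are constructed.

```python
import email
from email import policy
from html.parser import HTMLParser


class BaseTagFinder(HTMLParser):
    """Collects the attributes of every <base> element in an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.bases = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <BASE HREF=...> matches.
        if tag == "base":
            self.bases.append({name: (value or "") for name, value in attrs})


def scan_message(raw_bytes):
    """Return one finding per <base> element in any text/html part of the message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        finder = BaseTagFinder()
        finder.feed(part.get_content())
        finder.close()
        for attrs in finder.bases:
            href = attrs.get("href", "").strip()
            target = attrs.get("target", "").strip().lower()
            # Pattern from the CVE description: BASE HREF together with target=_top.
            findings.append({"href": href, "target": target,
                             "matches_advisory": bool(href) and target == "_top"})
    return findings


def build_sample(html):
    """Constructed single-part HTML message (not a captured email)."""
    headers = (b"From: a@example.invalid\r\nTo: b@example.invalid\r\n"
               b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
               b"Content-Type: text/html; charset=utf-8\r\n\r\n")
    return headers + html.encode("utf-8")


if __name__ == "__main__":
    flagged = build_sample('<html><head><BASE HREF="http://example.invalid/" TARGET="_top">'
                           "</head><body>hello</body></html>")
    clean = build_sample("<html><body><p>hello</p></body></html>")
    print(scan_message(flagged))
    print(scan_message(clean))
```

Any `<base>` element in a mail body is reported; `matches_advisory` marks only the href plus `_top` combination named in the description.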

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*
  • (no CPE) range: =6.0

Patches

0

No patches discovered yet.

References

3
